Product Documentation

Adding or Removing Roles

Oct 20, 2015

A role is a group of users to which you assign applications. You can use roles to assign groups from Active Directory in App Controller. After you add Active Directory groups to a role, you then assign applications to the role. The basic steps for adding a role in App Controller are as follows:

  • Assign a name to the role.
  • Provide a description for the role.
  • Select one or more groups that exist within the domain you chose and add them to the role.

    If users are members of multiple groups, you can choose if users must be members of all of the defined groups or if users can belong to some of the groups. For example, you have JohnD in the Sales, Finance, and Marketing Groups. To access apps and data, you can require JohnD to be a member of all three groups. You can also allow JohnD to be a member of any of the groups to gain access to apps and data.

  • Select the ShareFile Storage Zone to which users have access.

You can assign web, SaaS, and mobile applications to a role. You can also assign web links to a role and add roles to ShareFile settings.

Note: You must configure Roles before you configure ShareFile settings. You cannot use the AllUsers role for ShareFile.

After you configure roles, you configure the applications for single sign-on (SSO). You can then assign one or more applications to the roles. For example, you configure Sales, Marketing, and Finance roles in App Controller. After you configure the Salesforce and GoToMeeting application connectors, you might assign the Salesforce application to the Sales role and you might assign GoToMeeting to all three roles.

When you add a role, you assign one or more Active Directory domain or groups to the role. For example, you have two domains: mydepartment and financedepartment. You want to add groups from each domain to the role. App Controller shows the domain and groups on the Membership page in the Role dialog box as shown in the following figure:

Selecting Domains and Groups for a Role

You must have an active connection from App Controller to Active Directory to add a role. After you add domains and groups to the role, you then assign applications to the role.

Note: You can only use the Assign Apps to Role link on the Roles tab when you create a role. You can also assign an app to a role by using the Configure App dialog box.

When you configure a role and add multiple Active Directory groups, you can require users to be a member of all groups or you can require membership in at least one of the selected groups.

When you delete a role, the role is removed from App Controller. If you need the role again, you need to configure a new role.

To add a role

  1. In the App Controller management console, click the Roles tab.
  2. Under Roles, click Add Role.
  3. In the Add Role dialog box, in Role name, type a name for the role.
  4. In Role description, enter a description of the role.
  5. Optionally, under ShareFile Configuration, in Storage Zone, select the storage zone for the role.

    Storage Zone only appears if you configure ShareFile in App Controller. If ShareFile is not configured, you can click the Sync icon to add the domain, user name, and password for ShareFile. When you click Discover, App Controller retrieves the ShareFile Storage Zone. The Sync icon does not appear if you configure ShareFile in App Controller.

  6. Click Next.
  7. In Group membership, do one of the following:
    1. Click AND to require role membership from all groups in order to access apps.
    2. Click OR to require role membership in any of the selected groups in order to access apps.
  8. Under Group, select the groups that you want to add to the role and then click the chevron (>) to move the groups to Member.
  9. Click Save.

To delete a role

  1. In the App Controller management console, click the Roles tab.
  2. In the navigation pane, under Roles, click the wrench icon for the role and then in the dialog box, click the X icon.
  3. Click Yes to delete the role.

To edit a role

When you edit a role, you can change the name of the role, update the description, or add or remove groups.

  1. In the management console, click the Roles tab.
  2. In the left pane, under Roles, click the wrench icon for a role and then in the dialog box that appears, click the pencil icon.
  3. In the Edit Role dialog box, make your changes and then click Save.
    Note: You cannot change the role name.

Viewing Members of Active Directory Groups

After you add Active Directory groups to a role, you can view the members of the Active Directory group.

To view Active Directory group membership

  1. In the App Controller management console, click the Roles tab.
  2. Under Roles, click a role and then click the wrench icon to the right of the role name.
  3. In the pop-up dialog box, click the pencil icon.
  4. In the Edit Role dialog box, click Next and then click the users icon next to the group name.

    The list of users appear in the View Group Members dialog box. You can also view the details when you add groups to a role.

  5. Click Close and then click Save if you made changes to the role. Otherwise, click Cancel.

To assign applications to roles

You can add one or more applications to a role. Roles allow you to control who has access to applications in your organization. You can add a role when you configure the app or from the Roles panel. When you create a role, you assign users and then you assign apps. You must create one or more roles before you assign an application to a role. You cannot assign an application to the default AllUsers role.

  1. In the management console, click the Roles tab.
  2. In the navigation pane, under Roles, select a role and then at the bottom of the left-hand menu, click Assign apps to role.
  3. In the Assign Apps to Role dialog box, do one of the following:
    1. To add one application, under Available Apps, select the application and then click the single chevron (>) to move the application to Apps assigned to Role.
    2. To add two or more applications, under Available Apps, press the CTRL key, select the applications and then click the single chevron to move the applications to Apps assigned to Role.
    3. To add all applications in the list, under Available Apps select the applications and then click the double chevron (>>) to move all of the applications to Apps assigned to Role.
  4. Click Save.

    You can view applications assigned to roles on the Roles page. When you click a role, the applications appear under Applications Assigned to <roleName>. If you configure multiple roles, click the role to see the assigned apps.

To remove applications from a role

  1. In the App Controller management console, click the Roles tab.
  2. In the navigation pane, under Roles, click the role.
  3. Under Applications assigned to <roleName>, hover over an application and then click the X in the upper-right corner.